libevent: update to 2.1.13.
Fix pkglint while here.
Changes in version 2.1.13-stable (01 July 2026)
This release contains several security fixes, affecting users of the
following modules: evbuffer, bufferevent, evtag, evrpc, evdns, evhttp.
If you have a program that uses one of those modules,
or if you distribute libevent, you should upgrade.
Additionally, this release backports some small modernizations to
the libevent codebase, to aid in compiling with the compilers
released over the last few years.
Security Fixes (evtag, evrpc):
- Fix an out-of-bounds read in decode_tag_internal.
(Found by @Brubbish. GHSA-fj29-64w6-73h6)
- Fix an integer overflow in evtag_unmarshal_header.
[33 lines not shown]
ld.elf_so(1): Bump _rtld_objgen when changing, not reading, objlist.
Prompted by:
PR lib/59751: dlclose is not MT-safe depending on the libraries
unloaded
ld.elf_so(1): Resolve several races in dlopen/dlclose.
This is difficult because, although rtld generally has a single
exclusive lock, i.e., generally runs single-threaded itself, it can't
hold this lock while calling constructors/destructors (init/fini or
ifunc) -- if it did, then, for example, lazy symbol binding that
happens during the constructor/destructor would deadlock against
itself.
And whenever rtld drops the lock to call constructors/destructors,
any objects it is working on, during dlopen or dlclose, might have
been concurrently closed and invalidated by the time it gets the lock
again.
The key point is that anywhere we pass a sigset_t *mask parameter
during dlopen or dlclose, we might release the rtld lock to sleep and
then reacquire the lock. And anywhere we might release and reacquire
the lock, any objects we hold may be invalidated -- unless we hold some
reference to prevent invalidation. And any object we find in the list
[129 lines not shown]
sdmmc: remove unused cmd fields
c_dmaseg and c_dmaoff are only written using memset(&cmd, 0) when
constructing a command, so they always assume a constant value and can be
removed.
powerdns: Update to version 5.1.3
5.1.3
Released: 30th of June 2026
This is release 5.1.3 of the Authoritative Server.
It contains one new double feature and a few bug fixes.
New Features
Implement SOA-EDIT spreading + RRSIG expiry extension setting.
Bug Fixes
REST API: escaping issue with generic record syntax
pdnsutil: non-interactive zone edit
set version in meson.build in autoconf make dist path
declare enable-lua-record-updates unconditionally
meson: fix missing symbols for backend dylibs